IP · Medium · Signal 67/100
169.211.232.182
Location
Icheon-si, Gyeonggi-do
ASN
AS4766
Kornet
First Seen
Nov 2, 2024
Last Seen
Jun 8, 2026
Found in 34 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
67%
Signal Score
67 / 100
IDS Rule
No
Network Information
Country
Korea, Republic of
Region
Icheon-si, Gyeonggi-do
ASN
AS4766
Organization
Kornet
IP Category
VPN
VPN exit node
Feed Intelligence Summary
34 reports · 67% confidence
34
Source reports
67%
Confidence score
Category tags
Activity Timeline
Threat Activity Heatmap
Peak: 2026-06-08
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score: Medium Risk
67
SIGNAL
Signal Score
67%
Confidence
34
Reports
First seen
Nov 2, 2024
Last seen
Jun 8, 2026
Geolocation
KR
Country
Korea, Republic of
Location
Icheon-si, Gyeonggi-do
ASN
AS4766
Org
Kornet
Coords
37.5112, 126.9741
VPN
VirusTotal
Not checked
WHOIS
- description
- Score: 100/100 | Detector: threat_feed | Label: reported_abuse | Tags: reported_abuse, abuseipdb
- references
- https://github.com/telekom-security/tpotce, https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt, https://purplesynapz.com/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
IOC Journey
Medium · First detected 1 year ago · Last seen 16 days ago
Appeared in 34 threat reports